---
- name: Create a k8s RoleBinding for group namespace permissions
  community.okd.k8s:
    api_key: "{{ communishift_ocp_api_token }}"
    host: "{{ communishift_ocp_api_host }}"
    state: present
    definition:
      apiVersion: rbac.authorization.k8s.io/v1
      kind: RoleBinding
      metadata:
        name: "{{ communishift_project_name }}-group-rolebinding"
        namespace: "{{ communishift_project_name }}"
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: admin
      subjects:
        - apiGroup: rbac.authorization.k8s.io
          kind: Group
          name: "{{ communishift_project_name }}-admins"

- name: Create a k8s RoleBinding for storage permissions
  community.okd.k8s:
    api_key: "{{ communishift_ocp_api_token }}"
    host: "{{ communishift_ocp_api_host }}"
    state: present
    definition:
      apiVersion: rbac.authorization.k8s.io/v1
      kind: RoleBinding
      metadata:
        name: "{{ communishift_project_name }}-efs-rolebinding"
        namespace: "{{ communishift_project_name }}"
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: Role
        name: "{{ communishift_project_name }}-efs-role"
      subjects:
        - apiGroup: rbac.authorization.k8s.io
          kind: Group
          name: "{{ communishift_project_name }}-admins"
